Posts tagged ‘wordpress’

Older WordPress Versions Are Insecure

I have said this many times before: UPGRADE WORDPRESS WHEN PROMPTED.  This one is in the style of “beating you about the head and body and then caning you across the eyeballs”.  Why?  Because a hack has been discovered that makes your older, more stable, more comfortable WordPress.org install very insecure and really you may as well make the password Pa55w0rd – because your older version can and will be pwned.

Now that I have your attention…  Go to Lorelle’s site, Robert Scoble’s site and the WordPress Dev Blog to see details of this new exploit.  If you have version 2.8.4 (like what I do), you are more secure.  As well as upgrading, create a new administrator account and then remove the default admin account (in that order, so you are never locked out), check for phantom admin accounts and make sure you are using a strong password.  There are other things to do, but that will keep you going for now.
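The “check for phantom admin accounts” step is easy to do badly from the Users screen, because that screen only shows what the application chooses to show.  Here is an added example (my own code, not from the post or from WordPress) that does the check against the database instead.  WordPress stores each user’s roles in wp_usermeta under the meta_key wp_capabilities as a PHP-serialized array, so the script parses that array properly rather than doing a loose LIKE '%administrator%' match, then compares the result with the administrators you expect to exist and flags whether the default “admin” login is still around.  The sample rows are constructed; the wp_ table prefix (which also changes the meta_key name) and the allow-list are assumptions.

```python
import re

# SQL to pull the rows this script consumes.  Assumes the default "wp_" table
# prefix: with another prefix both the table names and the meta_key change.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.display_name, u.user_registered, m.meta_value
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities';
"""

_ARRAY_HDR = re.compile(r"a:(\d+):\{")
_STR_HDR = re.compile(r's:(\d+):"')
_BOOL = re.compile(r"b:([01]);")
_INT = re.compile(r"i:(-?\d+);")


def _read_value(s, pos):
    """Read one PHP-serialized scalar (string, bool or int) starting at pos."""
    kind = s[pos]
    if kind == "s":
        m = _STR_HDR.match(s, pos)
        length, start = int(m.group(1)), m.end()
        value = s[start:start + length]
        if s[start + length:start + length + 2] != '";':
            raise ValueError("bad string length at offset %d" % pos)
        return value, start + length + 2
    if kind == "b":
        m = _BOOL.match(s, pos)
        return m.group(1) == "1", m.end()
    if kind == "i":
        m = _INT.match(s, pos)
        return int(m.group(1)), m.end()
    raise ValueError("unsupported type %r at offset %d" % (kind, pos))


def parse_capabilities(serialized):
    """Parse a wp_capabilities value such as a:1:{s:13:"administrator";b:1;}.

    Role slugs are ASCII, so Python character counts equal PHP's byte counts.
    """
    m = _ARRAY_HDR.match(serialized)
    if not m:
        raise ValueError("not a serialized PHP array")
    count, pos = int(m.group(1)), m.end()
    roles = {}
    for _ in range(count):
        key, pos = _read_value(serialized, pos)
        val, pos = _read_value(serialized, pos)
        roles[key] = val
    if serialized[pos:] != "}":
        raise ValueError("trailing data after array")
    return roles


def admin_logins(rows):
    """Logins whose role array actually grants 'administrator'."""
    return [r["user_login"] for r in rows
            if parse_capabilities(r["meta_value"]).get("administrator") in (True, 1, "1")]


def audit(rows, expected_admins):
    """Findings: is the default 'admin' login still present, and which
    administrators are not on the allow-list (the phantom candidates)."""
    admins = admin_logins(rows)
    return {
        "default_admin_present": any(r["user_login"] == "admin" for r in rows),
        "unexpected_admins": sorted(set(admins) - set(expected_admins)),
    }


# Constructed sample rows standing in for the output of ADMIN_QUERY.
ROWS = [
    {"ID": 1, "user_login": "admin", "display_name": "admin",
     "user_registered": "2008-12-11 10:02:00",
     "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 2, "user_login": "jane", "display_name": "Jane",
     "user_registered": "2009-01-20 18:40:12",
     "meta_value": 'a:1:{s:6:"editor";b:1;}'},
    # An administrator nobody created on purpose: the thing to look for.
    {"ID": 3, "user_login": "wp_update", "display_name": "",
     "user_registered": "2009-09-05 03:14:07",
     "meta_value": 'a:2:{s:13:"administrator";b:1;s:8:"level_10";b:1;}'},
]

if __name__ == "__main__":
    print(audit(ROWS, expected_admins=["admin"]))
```

Run ADMIN_QUERY in phpMyAdmin or the mysql client, feed the rows in as dictionaries, and put only the administrators you know about in expected_admins; anything left in unexpected_admins deserves a look at its user_registered date and a password reset for everyone else.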

I regularly get comments such as “if I upgrade it breaks all my plugins”, “my theme doesn’t work if I upgrade now” and so on.  You now get to make a value judgment: if you don’t upgrade you could end up no longer owning your blog vs giving up or changing a few plugins or a theme.  Which of these is the worst case scenario for you?

Upgrade now. You know it makes sense.


Get WordPress 2.8.1

Just noticed that the latest WordPress.org update has been out since Thursday.  This time round the update does the following:

  • Certain themes were calling get_categories() in such a way that it would fail in 2.8. 2.8.1 works around this so these themes won’t have to change.
  • Dashboard memory usage is reduced.  Some people were running out of memory when loading the dashboard, resulting in an incomplete page.
  • The automatic upgrade no longer accidentally deletes files when cleaning up from a failed upgrade.
  • A problem where the rich text editor wasn’t being loaded due to compression issues has been worked around.
  • Extra security has been put in place to better protect you from plugins that do not do explicit permission checks.
  • Translation of role names fixed.
  • wp_page_menu() defaults to sorting by the user specified menu order rather than the page title.
  • Upload error messages are now correctly reported.
  • Autosave error experienced by some IE users is fixed.
  • Styling glitch in the plugin editor fixed.
  • SSH2 filesystem requirements updated.
  • Switched back to curl as the default transport.
  • Updated the translation library to avoid a problem with mbstring.func_overload.
  • Stricter inline style sanitization.
  • Stricter menu security.
  • Disabled code highlighting due to browser incompatibilities.
  • RTL layout fixes.

If you’re into that sort of thing, you can read all about the changes between 2.8 and 2.8.1 here, and more details are here.  I upgraded using the auto-upgrade feature in the dashboard and it took under a minute.


Fixing Your RSS Feed Problems in WordPress

Just a quick post here.  I had been having real issues with the RSS feeds over the last few weeks.  In short, they weren’t working.  See the issues I was having over here.  As a good forum goer, I hit Google and also searched the forums for a solution.  To no avail.

So if you see this:

PROBLEM: FeedMedic Alert for http://feeds2.feedburner.com/<blog name>/EaHL
07/03/09 13:59

FeedBurner had trouble retrieving your Source Feed: http://www.<blog name>.org/feed/

The error message is:

Error on line 2: The processing instruction target matching "[xX][mM][lL]" is not allowed.

The fix that worked for me is here.  This fixed the issue immediately and I feel relieved.  Thank you to w3it.org, your advice was great.
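For anyone who lands here with the same message, this is an added example (my own code, not from the post or from w3it.org) of how to narrow the cause down.  An XML parser only accepts the <?xml ...?> declaration as the very first bytes of the document, so “Error on line 2” means something was sent before it; in WordPress that is usually a stray blank line or a UTF-8 byte-order mark emitted by a PHP file (wp-config.php, a plugin, or the theme’s functions.php) before the feed template runs.  The first function classifies what precedes the declaration in a fetched feed body, the second reports what a PHP source file would emit on include: a leading BOM, and anything after its final ?> except the single newline PHP swallows there.  The feed bodies and PHP snippets are constructed.

```python
import codecs
import os

XML_DECL = b"<?xml"


def bytes_before_declaration(feed):
    """Bytes that precede '<?xml' in a feed body, or None if there is no declaration."""
    idx = feed.find(XML_DECL)
    return None if idx == -1 else feed[:idx]


def diagnose_feed(feed):
    """Say what the feed reader's XML parser would have tripped over."""
    junk = bytes_before_declaration(feed)
    if junk is None:
        return "no XML declaration found"
    if junk == b"":
        return "ok"
    if junk.startswith(codecs.BOM_UTF8):
        return "UTF-8 BOM before <?xml"
    if junk.strip() == b"":
        return "%d whitespace byte(s) before <?xml" % len(junk)
    return "unexpected output before <?xml: %r" % junk[:40]


def php_stray_output(src):
    """Bytes a PHP file sends to the browser that are not PHP code.

    A UTF-8 BOM at the top is printed verbatim.  Anything after the final '?>'
    is printed too, except the one newline PHP swallows right after the tag.
    Assumes the last '?>' in the file is the real closing tag.
    """
    out = b""
    if src.startswith(codecs.BOM_UTF8):
        out += codecs.BOM_UTF8
    idx = src.rfind(b"?>")
    if idx != -1:
        tail = src[idx + 2:]
        if tail.startswith(b"\r\n"):
            tail = tail[2:]
        elif tail.startswith(b"\n"):
            tail = tail[1:]
        out += tail
    return out


def scan_php_tree(root):
    """Yield (path, stray_bytes) for every .php file under root that emits something."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as handle:
                    junk = php_stray_output(handle.read())
                if junk:
                    yield path, junk


# Constructed samples: a clean feed, the same feed with one stray newline
# (which is exactly what puts the declaration on "line 2"), and one with a BOM.
FEED_OK = b'<?xml version="1.0" encoding="UTF-8"?>\n<rss version="2.0"><channel/></rss>'
FEED_BLANK_LINE = b"\n" + FEED_OK
FEED_BOM = codecs.BOM_UTF8 + FEED_OK

# Constructed PHP files: a wp-config.php with a blank line after ?>, the same
# file with the newline PHP swallows, and a functions.php with no closing tag.
WP_CONFIG_BAD = b'<?php\ndefine("DB_NAME", "wordpress");\n?>\n\n'
WP_CONFIG_OK = b'<?php\ndefine("DB_NAME", "wordpress");\n?>\n'
FUNCTIONS_OK = b"<?php\nfunction my_theme_setup() {}\n"

if __name__ == "__main__":
    for label, feed in (("ok", FEED_OK), ("blank", FEED_BLANK_LINE), ("bom", FEED_BOM)):
        print(label, "->", diagnose_feed(feed))
    print("wp-config bad ->", php_stray_output(WP_CONFIG_BAD))
```

Point scan_php_tree at the WordPress root (or just wp-content/plugins and the active theme) and fix every file it reports; then fetch /feed/ again and confirm diagnose_feed says ok before asking FeedBurner to resync.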

I am posting this in case anyone else has the problem and also in case a future upgrade of WordPress brings back the problem.

Ch-Ch-Ch-Ch-Changes

Because I hold you all in such high regard (*pause, gesture, sincere forehead*) I’m going to come clean about a few things.  Things you need to know about. (*pause, gesture, furrowed brow*).  Some of these things you will have noticed immediately, others you may not have (*look around, meeting everyone’s eye, sincere half-smile*).

My all-knowing dashboard kindly informed me that WordPress 2.7.1 was out and that I had to upgrade.  No problemo, thought I, piece of cake.  The 5 minute install and upgrade instructions are very clear and a complete idiot can follow them and do it all.  Right?  Guys?  Yeah, I got distracted.  Only for a second but it was enough.  I was ssh-ing and moving stuff with panache and then I realised I had cunningly managed to overwrite the wp-content folder with a fresh one.  This is the folder that contains the theme (and any changes) and all the plugins.  So yeah, I am a true genius.

So there you are, a cautionary tale and all that.  Fortunately, it gave me the opportunity to make a few changes here.  Much of this is in the background, I was able to take out a bunch of plugins that no longer work and update a few others.  I also enabled IntenseDebate and it imported everything very quickly indeed this time – it will only really matter to you if you comment on other blogs that also use it.  SpamKarma2 has been sadly discontinued, so I have gone with the default Akismet.  There are a few other bits of functionality that I’m missing, but I’ll get that sorted.

Finally, and most obviously, you’ll see that I have a smallish (200×200) AdSense ad.  This is not my new money making scheme.  After seeing one of Dominic’s latest posts, I became curious as to what I would see on my own site.  You will, hilariously, see lots of ads for psychics and other snake-oil salesmen.  Here’s the deal, click the ads or don’t – this really is up to you.  I have a day job and everything and it pays well enough that I only need one paying job.  On the other hand, if you do click the ads and go through to these places, you will be making a psychic donate to an openly skeptical site.  As I said, the choice is entirely yours, there are no tip jar or donate buttons here and this was simply to see what comes up.

There may well be other changes and tweaks coming up, but these are the most obvious.

WordPress 2.7

As predicted by me old mucker Mr Corey, I am letting you know that I have now installed WordPress.org 2.7 – this is a major milestone and gives an entirely new look to the dashboard.  Get it here and learn about the install here and the upgrade here.  WordPress.com users were upgraded a few days ago.  Learn more here: http://wordpress.org/development/2008/12/coltrane/

New Plugin – IntenseDebate

As a fan of threaded comments, I decided to try out a new plugin – IntenseDebate.  This plugin allows for threaded comments, reply by email, commenter profiles and reputation points (though I may need to be sold on the value of this last one).  As with all WordPress plugins, the install is a matter of unzipping the file to your plugin folder and then activating it in the plugin section of the dashboard.

The plugin supports WordPress (duh!), Blogger, TypePad and Tumblr with more to come.

UPDATE – I have disabled the plugin.  Indexing the comments was taking too long, Commentluv and KeywordLuv were inactive and it was too much trouble.  This is not to say that there is anything wrong with the plugin – if I had started with IntenseDebate from the beginning, there would not have been any issues, but the wait was just too great.  Don’t let me put you off it – if I were to start a second blog, I would definitely install it.